"A zero-day vulnerability was recently discovered that exploits a Microsoft graphics component using malicious Word documents as the initial infection vector. Our analysis has revealed a connection between these attacks and those previously documented in Operation Hangover," FireEye disclosed in a post on its blog.

"However, we have found that another group also has access to this exploit and is using it to deliver the Citadel Trojan malware. This group, which we call the Arx group, may have had access to the exploit before the Hangover group did."

The FireEye researchers said the two groups had very different motives and goals in using the exploit. The Hangover hackers' use of it is believed to be a simple extension of the group's previous information-stealing activities.

"Information obtained from a command-and-control server (CnC) used in recent attacks leveraging this zero-day exploit revealed that the Hangover group, believed to operate from India, has compromised 78 computers, 47 percent of those in Pakistan," FireEye said.

"It appears that when the target systems successfully checked in to the CnC server, the server could push down an executable file to be executed on the targeted system. The result of that action was recorded in Result.txt.

"We obtained a number of these second-stage executables listed in the Result.txt output from a Hangover-linked CnC server. These executables included a variety of tools including a reverse-shell backdoor, a keylogger, a screenshot grabber and a document exfiltration tool."

The Arx group, by contrast, was listed as having more basic criminal goals. "Malware linked to the Arx group is usually sent out in [fake] 'Swift Payment' emails. These emails are common in spam campaigns and typically drop banking Trojans and other crimeware," read the FireEye post.